Rapidly evolving cyber threats to space systems increase the risk that skilled adversaries could disrupt, degrade, or destroy mission-critical capabilities via cyber means. Exfiltration and/or modification of data is also a risk for space systems. Although the attack surface of space systems (supply chain, ground systems, networks, user terminals) is usually well protected, adversaries are highly motivated to seek out potential vulnerabilities on the spacecraft itself. Spacecraft architectures are typically based on heritage subsystems of hardware, software, and firmware, including real-time operating systems, embedded processors, shared bus architectures, and custom ASICs. These systems are highly redundant and resilient to component failures, since operation in the space environment for 15+ years is typical. However, spacecraft architectures were typically not designed with the cyber threat in mind. Well-known cyber threat concepts (malware, privilege elevation, rootkits, system pivots, stack overflow, man-in-the-middle, reconnaissance) should now be considered when designing cyber defense for the spacecraft. A unique challenge for spacecraft cyber defense is the potential for denial-of-service attacks through the "safe mode" of the spacecraft. A cyber-resilient spacecraft that is under attack will continue mission-critical activities, initiate defensive measures, and "operate through" the attack without triggering a non-operational "safe mode" state. The Aerospace Corporation and Carnegie Mellon University Software Engineering Institute (SEI) are researching new approaches to spacecraft flight software for cyber-resilient operations. This research covers cyber threats relevant to the space environment, strengths and potential vulnerabilities of typical flight code processing, runtime assurance, analytics and detection, autonomous defense, and cyber assurance in the software lifecycle.
Concepts will likely have application for avionics, SCADA, and other real-time operating environments.